Skip to content
Legal Privacy notice

Privacy notice.

What we collect from this website, why we collect it, how long we keep it, and your rights under UK GDPR and the Data Protection Act 2018.

Draft — pending legal review. This notice has been prepared from a standard UK GDPR template appropriate for a B2B website collecting contact-form data. Items marked [TBC] need to be confirmed before public launch (registered office address, ICO registration number).

Last updated: 20 May 2026 · Version 1.0 (draft)

1. Who we are

BlueMetric OpCo Limited ("BlueMetric", "we", "us") is the data controller for personal data collected through this website. We are a UK private company registered in England & Wales under company number 17165530.

Registered office: [TBC — to be confirmed before public launch]

ICO registration number: [TBC — to be confirmed before public launch]

For all privacy-related enquiries, please use the contact form noting "privacy enquiry" in the message field.

2. What this notice covers

This notice covers personal data we collect through bluemetric.co.uk — primarily from the contact form on the contact page. It does not cover personal data we process under a signed BlueMetric subscription agreement (e.g. operator users of BlueMetric OS) — that processing is governed by the data processing agreement attached to your contract.

3. What we collect and why

DataPurposeLawful basisRetention
Name, work email, job title, company, estate type, number of sites, approximate units, message To respond to your contact request and follow up with a defensibility read. Legitimate interest (UK GDPR Art. 6(1)(f)) — to respond to enquiries. 24 months from last interaction, then deleted.
Submission metadata (timestamp, IP address — captured by our form-handling provider) Spam/abuse prevention and security log. Legitimate interest (UK GDPR Art. 6(1)(f)) — to protect the service. 90 days.
Acknowledgement-email metadata (delivery status) To confirm that our automated acknowledgement reached you. Legitimate interest (Art. 6(1)(f)) — operational integrity. 90 days at our transactional email provider.

4. Who processes your data

We use the following sub-processors to operate this website and respond to enquiries. Full sub-processor list available under NDA via the contact form.

  • Cloudflare — website hosting, DNS, edge functions. Data may be processed in the UK, EU, and globally for DDoS mitigation.
  • Formspree — initial enquiry routing to our internal triage. Submissions processed in the US under appropriate Article 46 transfer safeguards (Standard Contractual Clauses).
  • Resend — transactional email delivery for the acknowledgement email you receive. Submissions processed in the US under appropriate Article 46 transfer safeguards.

We do not sell personal data, and we do not pass it to any third party for that party's own marketing.

5. International transfers

Where any sub-processor is based outside the UK or transfers data outside the UK, we rely on the UK International Data Transfer Agreement (IDTA), the UK Addendum to the EU Standard Contractual Clauses, or an adequacy decision, as appropriate. Documentation of our transfer mechanisms is available under NDA via the contact form.

6. Cookies

This site uses only the cookies strictly necessary to deliver the page. We do not run analytics, advertising or tracking cookies on this marketing site. See the cookies notice for the full list.

7. Your rights

Under UK GDPR and the Data Protection Act 2018 you have the following rights in relation to your personal data:

  • Right of access — request a copy of the personal data we hold about you (a Data Subject Access Request, "DSAR").
  • Right to rectification — ask us to correct inaccurate personal data.
  • Right to erasure ("right to be forgotten") — ask us to delete your personal data where there is no compelling reason to continue processing.
  • Right to restriction — ask us to pause processing while a question is resolved.
  • Right to object — object to our processing based on legitimate interests.
  • Right to portability — receive your data in a structured, commonly-used, machine-readable format.
  • Right to withdraw consent — where processing is based on consent (none of the above bases on this notice).

To exercise any of these rights, use the contact form noting "privacy rights request" in the message field. We will respond within one calendar month of receipt.

8. Complaints

You have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK's data-protection regulator, at ico.org.uk/concerns or by writing to the ICO at Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF. We would, however, appreciate the chance to address your concern before you approach the ICO.

9. Security

We follow appropriate organisational and technical measures to protect your data — UK data residency for marketing-site enquiries, encryption in transit (TLS 1.3) and at rest (AES-256), multi-factor authentication on every human account with access to the data, and a documented incident-response process. See the security statement for more.

10. Changes to this notice

We may update this notice from time to time. Material changes will be flagged at the top of the page with an updated revision date. We do not notify visitors individually of changes to this marketing-site notice.

© 2026 BlueMetric OpCo Limited · Co. No. 17165530.